Date:      Wed, 9 Aug 2000 18:04:32 +0200 (MET DST)
From:      "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
To:        Brad Guillory <round@baileylink.net>
Cc:        FreeBSD-SECURITY <freebsd-security@FreeBSD.ORG>
Subject:   Re: pine 4.21 port issues?
Message-ID:  <Pine.GSO.4.10.10008091751340.18134-100000@nenya.ms.mff.cuni.cz>
In-Reply-To: <20000809090625.A35124@baileylink.net>

On Wed, 9 Aug 2000, Brad Guillory wrote:

> I thought that a significant reason for dot locks is flock does not reliably
> work over NFS.
> 
> (Please correct me.  I would like to be wrong on this one.)
> 
> I don't think that this is relevant to FreeBSD-Security though.

Thanks for the answers, especially to Garrett.

I do think this is related to security - this thread came from the
question whether we need world-writable directories on mailservers.

And unfortunately, I feel that the answer is yes - if we want to avoid
mailbox corruption.

From reading the man page for mail.local, I see that there are several
mailbox locking conventions - and I do not think that every single MUA
or a LMDA-helper (e.g., procmail) consults the local mail-delivery
policy at compile time. And it seems to me that the only way to
check this reliably is to human-read the mail.local page.

FreeBSD mail.local tries to comply with as many of these conventions as
it can (a flock is done, and a .lock is tried); however, it seems to me
that to avoid collisions with programs relying only on .lock, the only
safe way is to allow .lock files in the /var/mail directory.


                      

				Vlada

> On Wed, Aug 09, 2000 at 09:52:40AM -0400, Garrett Wollman wrote:
> > 
> > It's defined by the local mail delivery agent (in FreeBSD,
> > mail.local).  If you read the manual page, this is quite clear.  (Our
> > mail.local also creates .lock files, but these cannot be relied upon.
> > These files were originally created because early Unix didn't have
> > file locking, and have persisted thanks to Sun brain-damage.)  Using
> > file locking permits MUAs to operate without any elevated privilege,
> > without requiring a world-writable spool directory
> > (although the MDA must still run as root in order to write to user
> > mailboxes and potentially chown new mailboxes to their respective
> > users).
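
The two locking conventions discussed in this message (a flock() on the mailbox plus a `.lock` file beside it), as an added C example that is not code from this thread or from FreeBSD's mail.local. All function and enum names are hypothetical; the `MBOX_DIR_DENIED` branch is the case where the spool directory is not writable by the caller, which is why dot-lock-only programs need write access to it.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>

enum { MBOX_OK, MBOX_FLOCK_BUSY, MBOX_DOTLOCK_BUSY, MBOX_DIR_DENIED, MBOX_ERROR };

/* Build "<mailbox>.lock"; returns 0 on success, -1 if the name does not fit. */
static int dotlock_path(const char *mbox, char *out, size_t len)
{
    int n = snprintf(out, len, "%s.lock", mbox);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Dot-lock convention: atomic O_CREAT|O_EXCL create inside the spool directory. */
static int dotlock_acquire(const char *mbox)
{
    char lp[1024];
    if (dotlock_path(mbox, lp, sizeof lp) != 0) return MBOX_ERROR;
    int fd = open(lp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); return MBOX_OK; }
    if (errno == EEXIST) return MBOX_DOTLOCK_BUSY;  /* another program holds it */
    if (errno == EACCES) return MBOX_DIR_DENIED;    /* no write access to the directory */
    return MBOX_ERROR;
}

static void dotlock_release(const char *mbox)
{
    char lp[1024];
    if (dotlock_path(mbox, lp, sizeof lp) == 0) unlink(lp);
}

/* Both conventions: flock() the mailbox first, then take the dot-lock. */
static int mailbox_lock_both(const char *mbox, int *fd_out)
{
    int fd = open(mbox, O_RDWR | O_APPEND);
    if (fd < 0) return MBOX_ERROR;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) { close(fd); return MBOX_FLOCK_BUSY; }
    int rc = dotlock_acquire(mbox);
    if (rc != MBOX_OK) { close(fd); return rc; }    /* close() drops the flock */
    *fd_out = fd;
    return MBOX_OK;
}

static void mailbox_unlock_both(const char *mbox, int fd)
{
    dotlock_release(mbox);
    close(fd);                                      /* releases the flock */
}
```

A program that only calls `dotlock_acquire` is blocked by, and blocks, a program that calls `mailbox_lock_both`; a program that only uses flock() never sees the `.lock` file at all.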


